aerialship / SamlSPBundle

SAML 2.0 Symfony SP Bundle - new version available at
http://www.lightsaml.com/SP-Bundle/
MIT License

IDP EntityDescriptor has no IDPSSODescriptor #49

Closed reypm closed 8 years ago

reypm commented 10 years ago

I'm trying to set up your bundle in my application and this is what I did in security.yml:

saml:
    pattern: ^/
    anonymous: true
    aerial_ship_saml_sp:
        local_logout_path: /logout
        provider: in_memory
        services:
            wso2is:
                idp:
                    file: "@UsuarioBundle/Resources/config/FederationMetadata.xml"

                sp:
                    config:
                        # required
                        entity_id: http://sis
                        # if different then url being used in request
                        # used for construction of assertion consumer and logout urls in SP entity descriptor
                        base_url: https://localhost:9443/samlsso
                    #    want_assertions_signed: true

                    #meta:
                    #    # or use builtin SpMetaConfigProvider
                    #    # any valid saml name id format or shortcuts: persistent or transient
                    #    name_id_format: persistent
                    #    binding:
                    #        # any saml binding or shortcuts: post or redirect
                    #        authn_request: redirect
                    #        response: post
                    #        logout_request: redirect
    logout:
        path: /logout

Then this is how my FederationMetadata.xml file looks:

<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://sis">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAssertionsSigned="false">
             <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://sis/web/app_dev.php/saml/sp/logout"/>
             <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://sis/web/app_dev.php/saml/sp/logout"/>
             <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://sis/web/app_dev.php/saml/sp/acs" index="0"/>
             <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://sis/web/app_dev.php/saml/sp/acs" index="1"/>
    </md:SPSSODescriptor>
</md:EntityDescriptor>

But any time I try the URL http://sis/web/app_dev.php/saml/sp/login I get this error:

IDP EntityDescriptor has no IDPSSODescriptor

What is wrong? What am I missing?

I'm using WSO2 EntityServer as IDP, any advice?

tmilos commented 8 years ago

@reypm This is a SAML SP Bundle, thus in its own metadata there's only an SPSSODescriptor available. It is not made to be an IDP. The IDP config you're setting in security.yml is the IDP it will talk to and get the identity of the user from, not its own IDP config.

If you need an IDP implementation in PHP, note there's a new version of the lightsaml stack in its own organization https://github.com/lightSAML, where a SAML IDP library is being made, but it's still in an alpha version. You're welcome to evaluate it and help move it towards a stable release.

If you need SP only, there's also a new version of the Symfony SAML SP Bundle and the Symfony SAML Bridge Bundle.
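The error in the question comes down to what the file configured under `idp: file:` actually contains: the bundle expects the metadata of the identity provider it will send AuthnRequests to, i.e. an EntityDescriptor carrying an IDPSSODescriptor with SingleSignOnService endpoints, while the posted FederationMetadata.xml only declares an SPSSODescriptor (the SP's own role). The following is an added stand-alone check, written in Python rather than the bundle's PHP and not part of SamlSPBundle, that inspects a metadata file the way the bundle does before it fails. It embeds the SP-only metadata from the issue and a constructed minimal IdP metadata document; the IdP entity id and SSO endpoint URLs in that second sample are hypothetical placeholders, not WSO2's real values.

```python
"""Inspect which SAML 2.0 roles an EntityDescriptor declares.

Added example, not code from SamlSPBundle. It reproduces the bundle's
complaint "IDP EntityDescriptor has no IDPSSODescriptor" as a standalone
metadata check so a misconfigured idp.file can be spotted before deployment.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS}

# The SP-only metadata posted in the issue (this is what was wired up as idp.file).
SP_ONLY_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://sis">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAssertionsSigned="false">
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://sis/web/app_dev.php/saml/sp/acs" index="0"/>
    </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed minimal IdP metadata: entity id and endpoints are hypothetical placeholders.
IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="false">
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/saml/sso"/>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/saml/sso"/>
    </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def describe_entity(xml_text: str) -> Dict[str, object]:
    """Return the entityID, the role descriptors present and any IdP SSO endpoints."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("root element is %s, expected md:EntityDescriptor" % root.tag)
    # Role descriptors are the direct children named *SSODescriptor in the md namespace.
    roles = [
        child.tag.split("}", 1)[1]
        for child in root
        if child.tag.startswith("{%s}" % MD_NS) and child.tag.endswith("SSODescriptor")
    ]
    sso = [
        (e.get("Binding"), e.get("Location"))
        for e in root.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    ]
    return {"entity_id": root.get("entityID"), "roles": roles, "sso_endpoints": sso}


def check_idp_metadata(xml_text: str) -> List[str]:
    """Return the problems that make this file unusable as idp.file; empty means OK."""
    info = describe_entity(xml_text)
    problems = []
    roles = info["roles"]
    if "IDPSSODescriptor" not in roles:
        found = ", ".join(roles) if roles else "none"
        problems.append("IDP EntityDescriptor has no IDPSSODescriptor (found: %s)" % found)
    elif not info["sso_endpoints"]:
        # Without a SingleSignOnService the SP has nowhere to send its AuthnRequest.
        problems.append("IDPSSODescriptor declares no SingleSignOnService endpoint")
    return problems


if __name__ == "__main__":
    for label, doc in (("FederationMetadata.xml from the issue", SP_ONLY_METADATA),
                       ("constructed IdP metadata", IDP_METADATA)):
        info = describe_entity(doc)
        print("%s: entityID=%s roles=%s" % (label, info["entity_id"], info["roles"]))
        for p in check_idp_metadata(doc):
            print("  problem: " + p)
```

Run against the issue's file the check reports the bundle's exact complaint with the role it found instead; against a real IdP export (WSO2 IS publishes one for its resident IdP) the roles list should contain IDPSSODescriptor and the SSO endpoints should be the IdP's, not the SP's ACS URLs.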